CFAA Ruling, Amazon Sidewalk, Agile Security Testing, & WordPress Plugins – PSW #697
This week In the Security News, Paul and the Crew talk: Establishing Confidence in IoT Device Security: How do we get there?, JBS hack latest escalation of Russia-based aggression ahead of June 16 Putin summit, why Vulnerability Management is the Key to Stopping Attacks, Overcoming Compliance Issues in Cloud Computing, Attack on meat supplier came from REvil, ransomware’s most cutthroat gang, WordPress Plugins Are Responsible for 98% of All Vulnerabilities, and more!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. Vulnerability Management is the Key to Stopping Attacks - "Virtually anything could become a security vulnerability, from applications containing legacy components, old software versions and outdated OS to even employees and users. In the fast-changing IT environment with several moving parts, third-party components and services, it is easy to miss updates, and this creates new vulnerabilities"
- 2. Overcoming Compliance Issues in Cloud Computing - "data security is always YOUR responsibility."
- 3. 9 Ransomware Early Warning Signs To Monitor In Your District’s Systems
- 4. 5 Devastating Endpoint Attacks: Lessons Learned – Security Boulevard
- 5. Attack on meat supplier came from REvil, ransomware’s most cutthroat gang - "REvil and its affiliates account for about 4 percent of attacks on the public and private sectors. In most respects, REvil is a fairly average ransomware enterprise. What sets it apart is the cruelty of its tactics, which are designed to exert maximum pressure on victims."
- 6. Agile security testing?—?pentest and automate - "I explore the idea of agile security testing, where penetration testing is performed first and test cases are automated after that. Agile security testing would be made in iterations of 1) test case execution, 2) penetration testing, and 3) creation of new test cases. The iterative approach naturally leads to constantly updating tests, which addresses the problem of evolving threat landscape."
- 7. WordPress Plugins Are Responsible for 98% of All Vulnerabilities – Latest Hacking News - "Like WordPress, WordPress Plugins are vulnerable to hacking. Why? For two reasons: (i) not all plugins follow the security protocol, and (ii) we can see the codes of the plugins. Hackers always analyze the code to find vulnerabilities in them. If you use a plugin, and the plugin is vulnerable to hacking, or you have not updated to the latest version, your website is then easily hackable. Since WordPress is open source, hackers know what the endpoints (URL) are, what data to use, and how to inject the scripts. "
- 8. The Vulnerabilities of the Past Are the Vulnerabilities of the Future
- 9. A Supreme Court ruling limits the reach of a landmark hacking law – CyberScoop - "The Supreme Court issued a 6-3 ruling Thursday determining that improper use of a computer system by someone allowed to use it does not fall under the Computer Fraud and Abuse Act, the nation’s landmark hacking law."
- 10. White House calls for companies to address ransomware threat 2021
- 11. Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module
- 12. My RCE PoC walkthrough for (CVE-2021–21974) VMware ESXi OpenSLP heap-overflow vulnerability
- 13. Supreme Court narrows Computer Fraud and Abuse Act: Misusing access not quite the same as breaking in
- 14. Security Aspects to consider for a React Native Application
- 15. Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors
- 16. A Never-Before-Seen Wiper Malware Is Hitting Israeli Targets
- 17. Cyber Security Researchers have Disclosed Two new Attack Techniques in PDF. – CyberWorkx
- 18. Intrusion Detection System – Have they become useless?
- 1. Supreme Court narrows scope of CFAA computer hacking law
- 2. Establishing Confidence in IoT Device Security: How do we get there?
- 3. FireEye to sell products unit to Symphony-led group for $1.2B – TechCrunch
- 4. NortonLifeLock Unveils Norton Crypto
- 5. Major meat producer JBS USA hit by cyberattack, likely from Russia
- 6. Ransomware attack disrupts Massachusetts ferries
- 7. My RCE PoC walkthrough for (CVE-2021–21974) VMware ESXi OpenSLP heap-overflow vulnerability
- 8. MOSI/MISO and 140 Years Of Wrong
- 1. Army wants teleworkers to switch off smart IoT devices — FCW - The Army informed its teleworking workforce that they must immediately remove Internet of Thing (IOT) devices from their teleworking workspaces that possess the capability to listen for keywords that would automatically activate them.
- 2. Exclusive: Alibaba’s Huge Browser Business Is Harvesting The ‘Private’ Web Activity Of Millions Of Android And iPhone Users - UC Browser promised that with its “incognito” mode, no web browsing or search history would be recorded. Researcher discovers on both Android and iOS versions of UC Browser, every website a user visits, regardless of whether they’re in incognito mode or not, is sent to servers owned by UCWeb.
- 3. JBS hack latest escalation of Russia-based aggression ahead of June 16 Putin summit: experts - The White House stated the attack against the world’s largest meat-packer was likely conducted by Russian hackers; several U.S. government agencies are assisting the Brazilian company with cyber assistance.
- 4. Australian meat processor JBS Foods hit by cyber attack - Meat processor JBS has warned it could take the company some time to recover from an “organised cyber security attack” that has impacted servers in Australia, US and other locations.
- 5. A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely - Siemens on Friday shipped firmed updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be leveraged by attackers to obtain remote access to protected areas of memory, allowing them to perform unrestricted and undetected code execution.
- 6. Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery – CyberScoop - Cozy Bear (APT29) group was spotted just days ago leveraging an election fraud-related lure document attached to a phishing email that purports to originates from the U.S. Agency for International Development (USAID) in attacks targeting government agencies, research institutions, and non-governmental organizations (NGO) in the U.S. and Europe.
- 7. Feds Warn DarkSide May Not Stay Dark - U.S. government cybersecurity and counterintelligence officials have revealed that the DarkSide cybercrime gang responsible for the Colonial Pipeline ransomware attack may soon reemerge, if it ever stopped operating at all.
- 8. US Pipelines Ordered to Increase Cyber Defenses After Hack - TSA has issued a directive mandating that U.S. pipeline owners and operators hire a cybersecurity coordinator, conduct regular cybersecurity assessments, and report any and all cyber incidents to the U.S. federal government.
- 9. APT actors exploiting Fortinet vulnerabilities to gain access to local governments - APT actors recently exploited old vulnerabilities affecting Fortinet firewalls and breached a web server hosting the domain belonging to a local U.S. government, and then moved laterally through the compromised network and created new domain controller, server, and workstation user accounts mimicking already existing accounts in order to exfiltrate or encrypt data and perform other malicious activities.
- 10. Researchers find four new malware tools created to exploit Pulse Secure VPN appliances - Mandiant Threat Intelligence says it has spotted four new malware samples (Bloodmine, Bloodbank, Cleanpulse, and Rapidpulse) that were specifically created to target Pulse Secure VPN appliances and are being used in attacks targeting defense, government, and financial organizations.
- 11. Russia’s FSB reports ‘unprecedented’ hacking campaign aimed at government agencies - Foreign hackers compromised Russian federal agencies in a digital espionage campaign that Russian officials described as unprecedented in scope and sophistication.
- 12. Japanese government offices hacked - The Japanese government has disclosed it suffered a data beach after hackers accessed Fujitsu's "ProjectWEB" information-sharing software, which is widely used by public offices and business in Japan, and gained access to data related to air traffic control.
- 13. French police seized dark web marketplace Le Monde Parallèle - Last week, French authorities have seized the dark web marketplace Le Monde Parallèle and arrested two of the platform's administrators following a months-long investigation.
- 14. Plaintext Passwords of 8.3 Million Users Leaked in a DailyQuiz Data Breach - Researchers say they found an unsecured, exposed database belonging to DailyQuiz containing some 13 million users' PII and plaintext passwords.
- 15. Chip shortage will lead to higher PC prices as Dell, HP, and Lenovo pass on higher costs - PC prices are likely to move higher in the second quarter and rest of 2021 as vendors pass along higher component and logistics costs amid strong demand.